John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America (hothardware.com) 364
MojoKid writes: Wondering what John McAfee is up to these days? It's not sniffing bath salts nor is he fleeing foreign countries as a person of interest in a murder investigation and faking heart attacks (been there, done all that) ; instead, he's on a mission to save America. How so? By cracking the code on the San Bernardino iPhone that's causing such a ruckus. McAfee didn't just criticize the FBI; instead he offered a potential solution. Let him and his team of hackers break into the iPhone without any help from Apple. "With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension," McAfee said. Eccentric rant aside, McAfee's offer is simple - give him three weeks and he will, "free of charge, decrypt the information on the San Bernardino phone" with his team of hackers. He'll do it using mostly social engineering.
What's he on, today? (Score:5, Informative)
McAfee is clearly off his rocker. The only person or persons who he could expect to socially engineer his way through are dead.
Re:What's he on, today? (Score:5, Insightful)
Unless he believes Apple has the ability to decrypt the device and plans on socially engineering them.
Re:What's he on, today? (Score:5, Insightful)
The FBI is not asking Apple to decrypt it. They're asking Apple to load a new firmware on it that removes the limit and delay on the number of tries before the device wipes itself so they can brute-force it. They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.
Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.
Re:What's he on, today? (Score:5, Insightful)
Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.
According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.
Re:What's he on, today? (Score:5, Insightful)
That's it in a nutshell.
Re:What's he on, today? (Score:5, Interesting)
So John McAfee can make a boast that won't get tested. He gets to proclaim himself supreme ninja badass knowing nobody will call his bluff, AND illustrate that when the government doesn't take him up on his offer it is because they are after something other than what they claim.
*golf clap*
Well played, Mr. McAfee.
Re:What's he on, today? (Score:5, Interesting)
Re: (Score:3)
But he's claiming his method is sociological (which is dumb, the people with the password are dead) not technological. One definitely can't socially engineer their way into a test device from someone who takes security seriously, as I assume Apple would.
Re:What's he on, today? (Score:5, Interesting)
I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.
Re: (Score:3, Informative)
I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.
Apple CANNOT Force an OS Update onto an iPhone remotely. I requires the User to either bring up the Update function or at the very least, Confirm a Dialog prompt.
And I would doubt Apple can do so even with physical access, without taking the phone apart to expose JTAG (or similar) pins.
Re:What's he on, today? (Score:4, Informative)
Look, the defenses against this in the 5/5C and earlier models are primarily in software, so there are ways to get around it with software. Doing this requires writing new software that Apple didn't have before, and exploiting a vulnerability.
This won't work on any iPhone Apple is currently selling, by the way.
Is it your opinion that any company that mentions privacy, but has sold equipment that is designed to be easy to use and happens to not be able to stop a major megacorp breakin is lying or hypocritical?
Re: (Score:3, Insightful)
Or so they say. They've also said they couldn't break in to phones with the wipe feature at all, but that's very, very clearly not true.
I think you are conflating what is probable with time, research, and resources, with what they have in hand today. Anyone knowledgable about device security would acknowledge that there are flaws that would allow hacking into the phone, but that doesn't mean Apple has them available today to access this device. So it is NOT at all evident that when Apple "said they couldn't break in to phones with the wipe feature" that such statements were "very, very clearly not true." Note I am not saying they may not
Re:What's he on, today? (Score:4, Informative)
Only Apple has the key to sign their firmware image. OK, maybe the NSA but they'd never share that capability with the FBI.
Re:What's he on, today? (Score:5, Informative)
Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.
According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.
I came to this conclusion yesterday. Some clueless folks elsewhere were arguing that there might be a zero day exploit that Apple could use (um, paradox, anyone?) that would get the trick done. My point was that if such were available chances are the FBI, NSA, whomever would already know about it or be in a position to find out about it, and that would be an easier and cheaper route to take.
It's obvious that they want to force Apple to do this as a precedent, particularly now that iPhone 6 + cannot be "hacked" in this manner.
Re: (Score:2)
Edward Snowden is not a legal analyst.
I wasn't referring to him.
Re: (Score:2)
Apple clearly can take that phone, throw it on the bench and have their way with it.
Re:What's he on, today? (Score:5, Funny)
Re: (Score:3)
Is there some reason they can't clone the device? That would buy them unlimited attempts.
Re: (Score:2)
Hardware based encryption. No way to extract the key.
Re: (Score:2)
The fact of the matter is that the FBI could probably get the NSA to expose the hardware encryption, although there's a chance of failure, and having done so clone the damn thing as much as they wanted. It would just take a year or so and cost a shitload of money. Much easier to try and bully Apple into doing their bidding
The Fact Of The Matter (Score:3, Informative)
The fact of the matter is that
I don;t think that means what you think it means.
Your wild-ass and misguided assumptions are not facts.
Re: (Score:2)
That also only cracks this phone. If they can get Apple to cough up the right info, they can use OS update features to crack all iPhones, everywhere, remotely.
Re: (Score:2)
They cannot clone that encryption key.
Re:What's he on, today? (Score:5, Informative)
Apple devices have an additional "trick" beyond just PBKDF2 - There's a random AES key burned into the CPU, and it's wired such that it can be set/erased, but not directly read - it can only be fed as the key into an AES engine.
I am not sure if Apple's PBKDF2 has this AES engine as part of the loop, or if it just feeds the key that comes out of PBKDF2 through the AES engine, but the end result is, on any given device, the AES key that results from a given passphrase is unique to that device and cannot be reproduced off-device.
So if someone just clones the device's flash contents, they have to resort to brute-forcing AES directly, as opposed to trying to brute-force passcodes.
So you can only brute-force passcodes on-device (something like 80ms per try on this model, newer models have a 5 seconds per try limitation), and Apple's software doesn't even allow you to do that. The FBI wants to at LEAST get on-device brute-force capability.
Which might still take years if the user had a reasonably strong passphrase.
Thought - DPA (Score:2)
Forgot about this, but CRI might have some tricks up their sleeve. They MIGHT have the ability to DPA the AES engine if Apple didn't license their countermeasures - http://www.rambus.com/security... [rambus.com]
Re: (Score:2)
You can easily clone an encypted DVD exactly and be able to play it anywhere. What is hard is to copy the data, transcode it and write it back in another format without DVD John getting involved with his magic key
Re: (Score:2)
This would be the best outcome.
Re:What's he on, today? (Score:5, Insightful)
Close. I don't think he would wipe the phone, that would make too much trouble even for a man with MacAfee's history.
No, he's shedding a light on how absurd the FBI's story on this item is. "Oh my goodness, there's a phone connected to this tragedy and we don't know what the 109 messages say! Even though we know who did it, we know that the messages went to Africa, we know the times and the recipient(s), we have all the meta-data. Oh, and we have the full resources of the FBI, CIA, NSA, DOD, the Five Eyes, and we've data-mined the entire planet. Yet John MacAfee can break into this phone with a tiny group of volunteer hackers and we just can't figure that out at all."
The only thing the FBI is trying to do here is to cynically use a tragedy to set official, legal precedent. They are attempting to bully the phone makers to give them anything they want, any time they want it. This has nothing to do with the San Bernardino shooting beyond winning sympathy and support for the spying goals of the FBI.
J. Edgar Hoover would be proud. Also Niccolo Machiavelli. We've been giving the Three Letter Agencies anything they want since 9/11 and they've grown fat and entitled on the spoils.
Re:What's he on, today? (Score:5, Interesting)
McAfee is clearly off his rocker.
I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension,
Hey, if these hackers are the ones that starred in his last video [youtube.com], and he's going to make another one describing how he plans/executed this hack, I'm all for it.
Re: (Score:3)
Posting to negate moderation.
I accidentally the post!
(clicked overrated rather than funny. sorry about that!)
Re: (Score:3)
Re: (Score:2)
If he works with "a team of the best hackers on the planet," surely the Long Island Medium must be among them...
(BTW, I bet even the nerds on the team make fun of her hair.)
Re: (Score:3)
I really want some of what John McAfee is smoking.
Re: (Score:2)
Social engineering doesn't require they be alive or that you communicate with them.
If he finds out the password is the year they were born in, that's still social engineering. If he teases information out of the neighbors that leads him to guessing the right password, that's still social engineer.
You'll rarely succeed in a direct social engineering attack, people start to detect it when you ask too many questions of them directly. It works great when you target mom and dad, a sibling, a secretary or boss
Re: (Score:2)
You're a bit dull to be name-calling based on your presumed intellectual superiority.
It took about half a second for me to notice that an attack vector would be Apple, because they're the ones with the private keys needed to install modified firmware. And, presumably there are live humans at Apple that are potentially susceptible to social engineering attacks.
Unlikely his people are that good, but there is an available (very difficult) solution that matches his claim.
Your inability to think even all the way
Impressive! (Score:5, Funny)
Re: (Score:2)
I came here to say this!!!! with a pedigree like:
These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami.
How could they fail?
Re: (Score:3, Funny)
At least it isn't Deaf Con in Reno.
Comment removed (Score:4, Funny)
"He'll do it using mostly social engineering." (Score:2, Funny)
The suspects are dead. Are they going to attempt a seance?
Re: (Score:3)
Seems like a natural fit (Score:5, Funny)
--
What happens when an unstoppable force meets an irremovable object?
Re: (Score:2)
Last week I had to disconnect a system from the internet because It wouldn't allow me to get to the next step of the uninstall because the upsell page wouldn't load.
Can you work with an image? (Score:2)
How hard is it to image the entire storage area on iPhone? Like, a bit for bit copy of everything on it? And then.. just load the image into a vm and brute force the PIN, while leaving the original device intact?
Re:Can you work with an image? (Score:5, Informative)
The encryption keys and protection mechanism are hardware based, not software based. The bytes in storage are useless without the phone's exact hardware. Unless they try and brute force the encryption. How many millions of years would that take?
Re: (Score:2)
Would take longer that the remaining lifetime of the universe or alternately more energy and matter than is available if the universe goes for heat-death.
Re: (Score:2)
It could be any string, actually. People most often use 4 digit pins, but you can choose a longer password if you like.
Re:Can you work with an image? (Score:5, Informative)
Re: (Score:3)
Re: (Score:3)
Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore.
Apple has already said that they could break an iPhone 6 in a similar manner. So the exact same trick may not work, but there's still a way.
Re: (Score:2)
A lab operating on an image will have to directly brute-force AES, as the PBKDF2 result is encrypted with a device-specific key before it is used.
e.g. entering pin 0000 will result in a different AES key on every individual device in existence.
Re: (Score:2)
And how would you do that for the secure key storage hardware that does not offer that functionality?
Re: (Score:3)
The key is a derivative of the PIN that has been encrypted by a device-unique AES key that can be set and erased but NOT read back. The only thing that is wired to that memory cell's outputs is an AES engine's "key" input.
So it's not quite a PUF but it's pretty close.
Best route of attack other than decapping the chip and microprobing it is likely DPA.
Re:Can you work with an image? (Score:5, Insightful)
Re: (Score:3)
And anybody that knows their stuff just uses a secure passphrase with > 100 bits of entropy and Argon2 and nobody besides them will ever be able to unlock that. Apple only needs the hardware to make it very convenient to get secure crypto. It is entirely possible to do this securely in software only, just requires a user that is willing to remember more than 6 characters and letters.
Re:Can you work with an image? (Score:5, Informative)
You dont get it. This is the FBI's 'Rosa Parks' moment. They are using an incendiary case to force the issue that unbreakable encryption should not be allowed in casual use. They are trying to force the idea that it should be illegal to make an unbreakable lock and they are using this case to ram it home. They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.
THIS! I wish that I had mod points. You are correct, the case is entirely political. The Guardian has an article that explains in depth [theguardian.com] what you very succinctly stated. The big takeaway is that the actual data in this case doesn't really matter. However, the feds were fishing for the perfect inflammatory case to establish legal precedent (NPR had a great story on it earlier this week with a legal analyst who said that the Justice Department knew exactly what they were doing when they chose this case). Tim Cook is spot on in fighting this as a precedent matter more than anything else.
Re:Can you work with an image? (Score:5, Insightful)
Re: (Score:2)
Prevent the device from being able to write the invalid attempts count to wherever it writes it. Now try all 10,000 combinations, power cycling as needed. Thats the way hardware guys are thinking about it.
Re: (Score:2)
There's only one problem with that. Cracking up to 37 characters of unicode characters (even if you don't use the entire 200K+ set of printable characters) is slightly more difficult to brute force than the 256 bit AES key...
By my math, with 37 characters, you only need 121 unicode characters (not 121K. Just 121) to make roughly as many permutations as a 256 bit AES key.
Re: (Score:2)
That is not the problem. The problem is getting the encryption key out of the secure microcontroller storing it. Seriously, your amateur-level approach is among the very first things the experts will check for feasibility... and will find that it does not work here as.
dammit John, FOCUS! (Score:5, Funny)
A Trump / McAfee ticket is the closest thing we can get to having President Dwayne Elizondo Mountain Dew Herbert Camacho in real life.
Re: (Score:3)
Honestly, I'd probably vote for Terry Crews if he ran.
It would be comedy gold... (Score:3)
If only they would take him up on his offer. The first thing that came to mind was Kip driving over the plastic bowl with the camper van.
Dang it!
All the phone will say is.... (Score:2)
"Eat at Luigi's!"
Re: (Score:3)
I don't understand (Score:2)
Re: (Score:2)
If you manage to dump the memory contents without tripping any protections that cause shit to be wiped you'll need to brute force a random 256-bit key.
Otherwise, you'd need to clone the whole fucking phone, including the hardened security chip, because it nukes the key after 10 failed attempts by default.
Re: (Score:2)
Well I didn't say it would be easy :D.
And Apple can't bypass their security chip, make the dump and hand it out to the FBI ?
Re: (Score:2)
They intentionally wired it so the key memory output only goes into the key input of a crypto engine - it can't be read back without decapping the CPU and microprobing it, and they may have put in countermeasures against that.
Re: (Score:2)
Re: (Score:2)
Well, as I understand it, the encryption is AES-256. So, in theory, it would take about 33,100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years [eetimes.com], assuming you used the fastest supercomputer.
Re: (Score:2)
I should really read up on this stuff but it's hard.
Re: (Score:2)
No. There is a crypto key stored in a secure microcontroller. Unless they get the key out of that chip, they have nothing. At this time, it depends very much on implementation details whether Apple can even write that mystical software to allow unlimited tries.
Give him a chance - he'll murder that encryption (Score:2)
commentsubjectsaredumb (Score:2)
>He'll do it using mostly social engineering.
It seems like we (or the source) got this stuff a little hot, maybe from a handmade audio transcript. Over at Ars their take was
> About 75% [of the associates] are social engineers. The remainder are hardcore coders.
Plus the eating his shoe thing. Sensationalism or not I'm surprised that's not mentioned in TFA.
sneeky (Score:3)
Wait, what? (Score:2)
Re: (Score:3)
Oh, simple: He cannot do it. He will not get a chance to try either and he does know that as well.
how do you socially engineer the dead? (Score:2)
Using social engineering, huh? (Score:2)
>> He'll do it using mostly social engineering
"No problem. Just gimme the phone number, the address and the bank of the guy who owns the phone. I'll have him giving up the code by Sunday."
>> He's dead.
"F***!"
"Social Engineering" (Score:3)
By "social engineering", I take it he's not planning to directly attack the hardware of the phone, which means he's planning to use the only other logical approach to breaking into this phone (and to me the only obvious attack vector open to him or anyone else as long as Apple stand their ground [correctly]).
Because this phone has a four digit passphrase, this means that the owner of the phone has hit the same four sections of screen at least hundreds, and more likely thousands of times. Maybe it is possible using very delicate and incredibly accurate equipment to detect some sort of impact print on the screen where it has been used in those four spots repeatedly. If it is possible to do this, then you have cut down the number of password from 10,000 to 24 different possibilities. From here you need to check everything you know about the phone owner to see if any of those combinations are personally significant in any way - even if the combination is entirely random, you'll still have a 41.5% to break the password with 10 attempts...
Meh - then again I'm not a half-million dollar a year hacker, so what do I know?
-- Pete.
Re: (Score:2)
Wow - it's amazing the FBI didn't think of that.
Re: (Score:2)
Re: (Score:2)
My thought too. Nothing stopping him from taking any other iPhone 5c, setting Auto-Erase to on, and proving his hacking team's prowess on YouTube for the world to see.
(The exception is that the court order doesn't actually reveal what specific iOS version the iPhone is running. The FBI alludes, a lot, that it is running iOS 9.something, but doesn't otherwise clearly say. Which I find a bit suspicious; they spewed out a lot of other info about the device.)
Social Engineering? (Score:2)
iPhone Security explained.. (Score:5, Informative)
I'm going to perform a feat of social engineering! (Score:2)
Alternative theory (Score:2)
Whatever the outcome, Apple owes McAfee a favor (Score:5, Insightful)
McAfee's software, which comes loaded by default on millions of PCs, has been instrumental in making OS X more popular.
"the" sanburnadino iphone (Score:5, Insightful)
If your like me and had no idea wtf this article is talking about, apparently it was used in an american mass shooting:
https://en.wikipedia.org/wiki/... [wikipedia.org]
Funny they are so concerned with gaining access to this stupid phone when the real weapons used to commit the crime are sold almost everywhere in america.
Just contact Facebook (Score:2)
uhm (Score:3)
Re: (Score:2)
Or think you do.
Re:PR bull (Score:5, Interesting)
The whole thing is bullshit-on-hold. I already know the narrative; I've modeled the current government in abstract from bits and pieces I've picked up while not really paying attention.
You want to know how it plays out?
The government cracks the phone. It finds evidence of the shooting on there--possibly explicit, possibly vague. Regardless, it's evidence. They hold up this evidence and say, "If this hadn't been encrypted, we could have stopped this shooting!"
That's contingent on them actually cracking the phone, but it's the direction they're going. Notice the huge flaw in logic: They weren't in possession of the phone pre-shooting, and any software on the phone would be able to bypass the encryption. Network monitoring would have given them any unencrypted information. Encrypted messaging is a different facility, and any systems to look for certain key words would face both an incredible wall of false positives and misdirection by simple codes ("did you remember to pick up eggs?" "I'll buy them tonight around 8." Shooting is at 8pm). Doesn't matter; the narrative is swallowed by the masses, because people in groups don't think.
I doubt they'll fabricate evidence and claim they broke the encryption. They may be using this case as pressure, hoping to bring multiple such cases forward and continuously claim people are dying because of encryption. That's more conjecture; I'm pretty firm on their political play at the masses, but not on the power buildup via repeated demands for backdoor decryption capabilities through multiple tragedies. My models give me movie plots, but not firm projections; more data will elevate some of those movie plots to firm projections.
Just watch when they *do* break someone's encryption in one of these cases. Watch what they say after. They'll spin a narrative about how the encryption allowed the crime to occur, about how they could have stopped it if only there was an encryption back door.
Re: (Score:2)
Apparently dead people are better at keeping secrets.
Re: (Score:2)
Every coroner on every cop show on TV disagree with you. (Real life coroners have a more nuanced opinion.)
Re: (Score:3)
I'd have to use a "beating a dead horse" analogy here - except that the dead guy was a terrorist, not a horse. Either way though - no amount of whacking the corpse with a $5 wrench (or even one of those $5,000,000 NASA Space-wrenches) will have very much effect here.
Re: (Score:3, Funny)
I'd have to use a "beating a dead horse" analogy here [...] no amount of whacking the corpse with a $5 wrench
Well, there's your problem. If you really want results, you have to beat the correct horse with a battery staple.
Re: (Score:2)
He will send hookers to the agents responsible on the FBI-side to distract them, then he will vanish with the phone....
Re: (Score:3)
All 20 of you guys posting this same question could just scroll to a random point in this comment thread, read for 2 minutes, and hit a comment explaining why not.